ngangasn.com transparent logo

Can a domain have multiple TXT records?

Domain name multiple TXT records
Share your love

DNS records are essential to regular users because they allow the translation of addresses into human-readable forms such as a domain name. DNS TXT records have been used for email validation, security, and domain verification, among many other uses.

For these reasons, you may find yourself cornered to use more than one TXT record for your domain DNS records.

So, can a domain have multiple TXT records? A domain can have more than one TXT record in its DNS records configuration. Adding more than one TXT record for your domain allows you to define multiple TXT records needed for email security and domain name ownership verification. Thus, multiple TXT records can be used in a single domain for verification and validation.

One common DNS record example is the A record that allows mapping a domain name (example.com) to an IP address (e.g., 127.0.0.1).

Thus, when you access example.com, the DNS system access the server IP (127.0.0.01) associated with the domain name. If A record didn’t exist, you would have to type in the IP addresses of every website or blog to access it.

That means, instead of typing google.com, you would have to type 74.125.28.138 every time you want to search for something.

Fortunately, DNS came to provide easier ways to access servers through the use of domain names.

For that reason, as a developer, you should be able to understand how to configure these DNS records correctly to achieve correct IP matching, validation, and verification.

In this article, I will show you how to add more than one TXT record for your domain. But first, let’s see the type of TXT records you will need for your domain.

Common types of TXT records used in the DNS configuration

Types of TXT records that you will have to configure for your domain name are

  1. DMARC
  2. SPF
  3. DKIM
  4. Normal TXT that can be used as a DMARC, SPF, or DKIM record

Some web hosting will provide these TXT records with their associated record type. Thus, you will see the SPF TXT record labeled specifically as SPF when selecting the DNS record type. This is a common case in Google Domains and Cloudflare.

However, other hosting providers will allow you to add DKIM, SPF, and DMARC records as TXT record types. Thus, you will be required to select the TXT record type to add DKIM, SPF, and DMARC record types.

Why you would need TXT records for your domain

You may add TXT records in the form of SPF, DMARC, DKIM, or TXT record types to achieve the following:

  1. Help achieve email security – helps prevent email spoofing and provides email validation and authentication
  2. Domain verification. Help verify ownership of a domain name. For example, you will need to add TXT records to verify you own a domain name to webmaster tools such as Google Search Console, Bing webmasters, e.t.c

Here are the common types of TXT records you will need to add to your domain

SPF – Sender Policy Framework

A mechanism that tells servers receiving emails which servers are allowed to send mail on behalf of the domain name.

How SPF works

So, I send you an email using admin[at]ngangasn.com

Before your email server shows you the new email, it first checks the SPF of the sending email (admin[at]ngangasn.com] to verify that the server for ngangasn.com is authorized for sending emails.

If it cannot verify that the email came from a valid server, then your email server, which in this can be Gmail, rejects it or categorizes the email as spam.

Thus, an SPF record is used for email validation to ensure incoming emails are from a valid and trusted email server.

Reasons an email may be rejected or sent to spam when looking for an SPF DNS record.

  1. SPF record does not exist for your domain name
  2. SPF specifies a server IP address that is not authorized for sending mail

If the SPF passes, you will get the email I sent you in your Inbox. This means the SPF record was validated successfully.

DKIM – Domain Keys Identified Mail

DKIM is an email authentication technique that uses public and private keys to sign emails. Thus, it allows the cryptographic signing of emails to provide better authentication.

DKIM is a DNS TXT record that uses digital signatures (private and public keys) to provide email authentication and verification.

How DKIM works

The sending server adds a digital signature (private key) to every outgoing email.

The receiving server verifies the emails by matching the private key received and the public key/signature present in the DKIM DNS record.

When the two signatures match, the receiving server can verify the email came from your domain.

DMARC – Domain-based Message Authentication, Reporting, and Conformance

DMARC is another DNS record of type TXT that defines the steps to be taken after an email fails authentication. For example, the receiving server may not verify the domain; the SPF record may show mismatched information, the recipient fails to identify the actual domain; or DKIM authentication fails.

In that case, the DMARC TXT record is read, and the instructions provided are executed.

How DMARC works

An email is sent from the sending domain

The receiving email server checks the SPF record

Next, the receiving email server checks the DKIM record and performs authentication signatures.

At last, it checks the DMARC record to determine what to do with emails that do not pass SPF, DKIM, or both.

The email is delivered and displayed in your Inbox if the message is accepted.

However, if the SPF or DKIM, or both fails, the emails may be

  1. Quarantined
  2. Rejected

TXT record

A TXT record can also be used as a DMARC, DKIM, or SPF record without explicitly selecting the record type. What this means is that you can select the record type to be TXT and add your DMARC, DKIM, or SPF record value.

Here is an example of adding an SPF record through a TXT record.

Another common use of a TXT record is domain name ownership verification. Other services or tools, such as webmaster tools, will require you to add a TXT record to verify that you own that domain name. Because access to domain name nameservers through your hosting account is personal, these tools can verify that you own the domain name.

An example of a scenario where you will be required to verify domain ownership is when you may be submitting your website to Google Search Console or Microsoft Bing webmaster tools.

Besides, you may use TXT records to add additional information about your website.

How to add TXT records for your domain name

To add a TXT record or multiple TXT records for your domain name, you will have to log in to your hosting provider and access the domain management tab. If you have added your website to Cloudflare, you will need to log in to your account, select the domain name, and access the DNS tab.

Once you have accessed the DNS management or DNS tab, you can add TXT records for your domain by following these steps:

Step 1: Press add record button

Step 2: Select the record type as TXT

Step 3: Enter the name of the TXT record (use @ if not specified)

Step 4: Enter TXT record value/content

Step 5: Specify TTL (Time To Live) as auto or 3260

Step 6: Save your DNS TXT record

Step 7: Repeat the same process for additional TXT records

After saving your TXT record, you can confirm through your dashboard that the record has been successfully added. Alternatively, as shown below, you may use lookup tools or Terminal commands to check your DNS TXT records.

How to check your TXT records are live/exists for your domain

There are two ways that you can use to check that your TXT records are live or existent for your domain name.

  1. Through an online lookup tool
    1. You may use tools such as DNS checker
  2. Through the Terminal
    1. You may use commands such as nslookup and dig

How to check your domain TXT record using dnschecker

To check your domain TXT records using dnschecker website, follow these steps:

Step 1: Open your browser

Step 2: Type the following URL in your address bar and hit Enter

https://dnschecker.org/

Step 3: Type in your domain name URL

Step 4: Select TXT record type

Step 5: Press Search

You will be able to see all the records that you have added to your domain name. Thus, you can know which ones are live/exist in your domain DNS records.

How to check your domain TXT record using the dig command

To check your domain TXT records using the dig command, follow these steps:

Step 1: Open the Terminal

Step 2: Type the following command and hit Enter

dig yourdomainname.com TXT

Here’s an actual example with my domain name

dig ngangasn.com TXT

How to check your domain TXT record using nslookup command

To check your domain TXT records using nslookup command, follow these steps:

Step 1: Open the Terminal

Step 2: Type the following command and hit Enter

nslookup -q=txt yourdomainname.com

Here’s an actual example with google.com

nslookup -q=txt google.com

As you can see, google.com has multiple TXT records for email validation and domain verification. The results show that Google uses SPF records to achieve successful email validation and avoid messages categorized as spam.

Another use case for TXT records in the google.com domain is that they have used a couple of TXT records for domain verification. As you can see, Google has used multiple TXT records to verify domain ownership for google-site, onetrust, Atlassian, Facebook, Apple, and Webex.

From the Google example above, you can see that you can add more than one TXT record for your domain name DNS.

Related Questions

Is an SPF record a TXT record?

An SPF record is a TXT record that you can add to your DNS records for your domain. You may explicitly choose an SPF or TXT record type when adding your SPF value for your domain. SPF helps achieve email security by reducing spam and spoofing.

Conclusion

As we have seen, a domain can have more than one TXT record in its DNS records configuration. Among the reasons why you would need to add more than one TXT record are to:

  1. Achieve email security
  2. Perform domain verification and validation, e.g., verify ownership of the domain name

Adding these DNS records is a straightforward process because you must log in to your host, add the records, and wait for them to be live. As a result, you can ensure that your domain emails are not sent to the spam folder. Besides, verify domain ownership to webmaster tools such as Google Search Console, Microsoft Bing webmaster tools, e.t.c.

Struggling to find affordable hosting for your Django web application?

This hosting service offers a cost-effective solution that is tailored for

  1. VPS hosting for Django
  2. Shared hosting for Django

Allowing you to:

🚀 Supercharge Your Ideas: Worried about investing too much upfront? Our affordable shared hosting lets you test and validate your innovative concepts created using Python Django without draining your budget.

🎯 Lure and Impress Clients With an Already Deployed Django Project: You just need one hosting plan to host unlimited Django websites.

⚙️ Hassle-Free Setup: With the user-friendly interface, you’ll have your Django project up and running in minutes with this Django-ready optimized host. Besides, I have written an article for you to use to deploy your Django app, here.

Act now while there is a huge discount on their hosting plans. Use the link below

Secure Your Hosting Server Now!

Share your love
Badi
Badi

Badi here, creator of ngangasn.com— A website dedicated to providing helpful information and how-to's of web development and hosting. Inspired by a fascination to write the most efficient code to make a computer laugh, & humans, Steve has a passion for organizing characters to create code and informative content.
What makes me happy?
Well, nothing like the feeling of finally figuring out that one pesky bug that's been driving me crazy.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *